"""
Case Type   : gs_checkse工具功能
Case Name   : 验证gs_checkse的A5检测项禁止PUBLIC角色拥有pg_authid
              系统表的权限检测与修复成功
Create At   : 2024/10/28
Owner       : lihongji
Description :
    1.赋予PUBLIC角色拥有pg_authid系统表权限后进行检测
    2.修复A5项后再次检测
    3.pg_authid系统表查看
Expect      :
    1.赋权成功，打印告警信息
    2.修复成功，不打印告警信息
    3.查询值为空
History     :
"""
import os
import time
import unittest

from testcase.utils.Logger import Logger
from testcase.utils.Common import Common
from testcase.utils.CommonSH import CommonSH
from testcase.utils.Constant import Constant
from yat.test import Node
from yat.test import macro


class GS_CHECKSE(unittest.TestCase):
    def setUp(self):
        self.log = Logger()
        self.log.info(f'----{os.path.basename(__file__)} start----')
        self.primaryNode = Node('PrimaryDbUser')
        self.sh_primary = CommonSH('PrimaryDbUser')
        self.constant = Constant()
        self.common = Common()
        self.env_path = macro.DB_ENV_PATH

    def test_gscheckse(self):

        step = ('----step1:赋予PUBLIC角色拥有pg_authid系统表权限后进行检测'
                'expect:赋权成功，打印告警信息----')
        self.log.info(step)
        grant_sql = "GRANT ALL PRIVILEGES ON pg_authid TO PUBLIC;"
        sql_res = self.sh_primary.execut_db_sql(grant_sql, dbname='postgres')
        gs_checkse_cmd = (f'source {self.env_path};'
                          f'gs_checkse -i A5 --detail')
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertIn("Prohibit the PUBLIC role from having permissions"
                      " on the pg_authid system table.",
                      check_res, '执行失败' + step)
        self.log.info(sql_res)
        self.assertIn(self.constant.GRANT_SUCCESS_MSG, 
                      sql_res, '执行失败' + step)

        step = ('----step2:修复A5项后再次检测 '
                'expect:修复成功，不打印告警信息----')
        self.log.info(step)
        gs_checkse_cmd = (f'source {self.env_path};'
                          f'gs_checkse -i B5 --detail;'
                          f'gs_checkse -i A5 --detail')
        self.log.info(gs_checkse_cmd)
        check_res = self.common.get_sh_result(self.primaryNode, gs_checkse_cmd)
        self.assertIn("Setting Permission management succeed",
                      check_res, '执行失败' + step)
        self.assertNotIn("Prohibit the PUBLIC role from having permissions"
                         " on the pg_authid system table.",
                         check_res, '执行失败' + step)

        step = '----step3:pg_authid系统表查看 expect:查询值为空----'
        self.log.info(step)
        check_sql = ("""SELECT relname,relacl FROM pg_class WHERE relname = 
        'pg_authid' AND CAST(relacl AS TEXT) LIKE '%,=%';""")
        self.log.info(check_sql)
        sql_res = self.sh_primary.execut_db_sql(check_sql, dbname='postgres')
        self.log.info(sql_res)
        self.assertIn('(0 rows)', sql_res, '执行失败' + step)

    def tearDown(self):
        step = '----step4:清理环境 expect:成功----'
        self.log.info(step)
        revoke_sql = "REVOKE ALL ON pg_authid FROM PUBLIC;;"
        sql_res = self.sh_primary.execut_db_sql(revoke_sql,
                                                dbname='postgres')
        self.assertIn(self.constant.REVOKE_SUCCESS_MSG,
                      sql_res, '执行失败' + step)
        self.log.info(f'----{os.path.basename(__file__)} end----')